﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

    public partial class UserChangePassword : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                if (!IsPostBack)
                {
                    lblUserID.Text = Session["USER_USERID"].ToString();
                    btnSubmit.Attributes.Add("onclick", "return VerifySubmit();");
                }
            }
            catch (Exception ex)
            {
                lblMessage.Text = "<br>" + ex.Message + "<br><br>";
            }
        }

        protected void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                DataTable dt = new DataTable();
                DBConn oDBConn = new DBConn();
                oDBConn.OpenConnection();

                SqlCommand oCommand = new SqlCommand("sp_Deal_User_SELECTBYID", oDBConn.DBConnection);
                oCommand.CommandType = CommandType.StoredProcedure;
                oCommand.Parameters.Add("@User_ID", SqlDbType.VarChar).Value = Session["USER_USERID"];

                SqlDataAdapter oDataAdapter = new SqlDataAdapter(oCommand);
                oDataAdapter.Fill(dt);
                oDataAdapter = null;

                if (dt.Rows.Count > 0)
                {
                    string strPassword = dt.Rows[0]["User_Password"].ToString();
                    string strOldPassword = Security.CipherCode(txtOldPassword.Text.Trim());

                    if (strOldPassword == strPassword)
                    {
                        string strNewPassword = Security.CipherCode(txtNewPassword.Text.Trim());

                        oCommand = new SqlCommand("sp_Deal_User_UPDATE_PASSWORD", oDBConn.DBConnection);
                        oCommand.CommandType = CommandType.StoredProcedure;
                        oCommand.Parameters.Add("@User_ID", SqlDbType.VarChar).Value = Session["USER_USERID"].ToString();
                        oCommand.Parameters.Add("@User_Password", SqlDbType.VarChar).Value = strNewPassword;
                        oCommand.ExecuteNonQuery();

                        lblMessage.Text = "<br>เปลี่ยนรหัสผ่านเรียบร้อยแล้ว<br><br>";
                    }
                    else
                    {
                        lblMessage.Text = "<br>ไม่สามารถเปลี่ยนรหัสผ่านได้ เนื่องจากระบุรหัสผ่านเดิมไม่ถูกต้อง<br><br>";
                    }
                }
                else
                {
                    lblMessage.Text = "<br>ไม่สามารถเปลี่ยนรหัสผ่านได้ กรุณาติดต่อผู้ดูแลระบบ<br>'ไม่พบข้อมูล'<br><br>";
                }
                oDBConn.Disconnect();
            }
            catch (Exception ex)
            {
                lblMessage.Text = "<br>" + ex.Message + "<br><br>";
            }
        }
    }
